Consumers Clueless on Why They Should Update Software, Survey

A trio comprised of Skype, Symantec and TomTom today publicized the kickoff of “International Technology Upgrade Week” (ITUW), an initiative designed to encourage consumers to download software updates to their computers and electronic devices more often.

The main focus of International Technology Upgrade Week, the group says, is to “directly address consumers’ concerns and educate them on the value of keeping their software up to date, especially when many updates are free.”

According to recent online survey taken by American, British and German members of the YouGov Plc GB panel, 40 percent of adults don’t always update software on their computers when initially prompted to do so. Why not? It seems as though people don’t understand the benefits of updating, or the risks often associated with not updating their software.

The survey statistics showed that one quarter of the consumers don’t clearly understand what software updates do and an equal percentage of consumers don’t understand the benefits of updating regularly.

In looking at the impact of automatic update notifications, the survey found that while three quarters of adults received notifications on their computers telling them to update their software, more than half said they needed to see a prompt between two and five times before downloading and installing an update. Even for those consumers who recognized the benefits of upgrading, one quarter didn’t know how to check if their installed software even needs updating.

“Here at Skype, we are constantly getting feedback from our users and making improvements to Skype every day,” said Linda Summers, Director of Product Marketing at Skype. “Only by regularly upgrading, are consumers able to enjoy the benefits of improved voice and video calling quality, longer mobile battery life and bug fixes, in addition to new features that we regularly add across our product portfolio, like Photo Sharing on mobile, or Group Video Calling and Group Screen Sharing on a computer.”

Interestingly, across all regions surveyed, statistics showed that more men than women upgrade software when prompted to.

“From a security perspective alone, staying up-to-date on the latest security patches is critical,” notedWiebke Lips, Senior Manager, Corporate Communications at Adobe in a blog post about the survey. “The vast majority of attacks (up to 99.8 percent according to a recent study) are exploiting software installations that are not current with the latest security updates. So staying up-to-date on your software is the best thing you can do to protect yourself (and your information) from the bad guys.”

When asked for their top reasons for either downloading or not downloading updates, survey respondents had the following responses:

Top Reasons for Updating

Top Reasons for Not Updating

Keeping computers safe from viruses/hackers

Worried about computer security, so I don’t download everything I’m prompted to

Ensures software is free of bugs and crashes less often

There are no real benefits in doing it

Having the latest and greatest software features

Upgrades take too long

Upgrades are often free

Lack of understanding about what the update(s) will do

According to a report from Secunia, the number of end-point vulnerabilities increased once again in 2011 to over 800 vulnerabilities – a tripling within only a few years - more than half of which were rated by Secunia as either ‘Highly’ or ‘Extremely critical’. Patching insecure programs helps safeguard data and PC against cybercriminals. These cybercriminals are increasingly targeting private PCs. Their entry points are vulnerabilities in popular non-Microsoft programs, which are exploited and used as a gateway to compromise PCs and access confidential data such as passwords, online profiles, and bank details. Attacks exploiting vulnerable programs and plug-ins are often not blocked by traditional anti-virus.

“The good news is that times have changed,” Lips added. “Especially for consumers, software updates have become much easier and much more reliable than they once were. Software vendors continuously look for ways to make the update process less cumbersome.”

While many vendors have introduced improved auto-update features, other tools are available that can help the updating process, and bring added levels of security.

In June, for example, Secunia launched Secunia Personal Software Inspector 3.0, a free scanner that identifies software applications that may be insecure and need to be patched. Following its debut in 2007, the tool now supports and provides the security status for more than 3,000 vendors, including Microsoft and third-party programs. The tool now lets users receive the automatic security patch updates from Secunia, a significant new feature and a major leap forward in raising the security-level of computers worldwide. This “hands off” approach makes it easier and more effective for users to maintain secure software applications and data stored on computers.

Getting users to patch software in a timely manner is likely to be a challenge for some time. While vendors are making headway with automatic updates and behind the scenes patching, consumers are often stuck with the idea that they should not to click on update prompts that could potentially be tricking them into installing Fake AV or other forms of malware. When it comes to "clicking", you're damned if do and you're damned if you don't.

For more than 10 years, Mike Lennon has been closely monitoring and analyzing trends in the enterprise IT security space and the threat landscape. In his role at SecurityWeek he oversees the editorial direction of the publication and manages several leading security conferences.